Protect your WordPress website from Malware and Viruses


WordPress is a most popular Content Management System (CMS) platform for single blogs to large business portals. Today, WordPress is powering over 75 million websites. However, with growing popularity comes with growing dejection. Web-based malware attacks have gone up by 85% in 2016-2017 and since WordPress is a most popular platform it gets more suspicious attacks.

We have faced many instances where our clients websites have faced vulnerabilities such as SQL injections, PHP code injections & Javascript Malware injections. As a WordPress user how can you protect your website from these injections?

Here are few steps to get started

  1. WordPress Update

    Most common attacks/injections happen because of outdated WordPress files or plugins. WordPress has a very great and strong community as-soon-as, malware is detected, it gets plugged. So it is first basic step to stay updated.

    Important Note: Before you update your WordPress version, do take a backup of your website files and database separately. For more information, feel free to contact sharat @

  2. File and Folder permissions
    Go to your cPanel and set the File permissions to 644 and folder permissions to 755. Files with 777 permissions are ready to welcome hackers to set-up malware base on your website.
  3. Make USERNAME harder for the hackers!
    WordPress lets you give admin access to other user accounts. So, use a unique username instead of admin as username for login.
  4. Change wp-config.php file location
    This is another file which is mostly affected by attackers and by default it is located at your_host/wordpress/wp-config.php. You can move it to the root directory i.e your_host/wp-config.php. This way, you actually befool hackers, bcos they cant search your file location, un-till they are in-side your system.

  5. Themes and Plugins
    Be aware of pirated themes and plugins. Always use themes from trusted sources. These pirated themes and plugins usually contain spam bots which can harm your website. Also, in worst case they can steal your critical information.
  6. Secure Server Connections
    HTTPS is most secure way of transacting online. Use sFTP or SSH instead of FTP. Keep your website secure with SSL certificate, its not that expensive with us. Check our SSL Certificate page for more information.

  7. Regular Backups
    As the old precept goes, prevention is better than cure. We surely suggest premium backup solution which can take full & secure backups of your site regularly after a given interval of time.

So, Secure your website and protect yourself from these malware attacks.